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WHAT IS CLAIMED IS: 

1. A data transmission controlling method for 
controlling transmission of data from data transmitting 
means to data receiving means over communication channels, 
said data transmission controlling method comprising the 
steps of : 

transmitting data encrypted by said data 
transmitting means to said data receiving means over a 
first communication channel provided for data 
transmission from said data transmitting means to said 
data receiving means; and 

transmitting to said data receiving means 
restrictive data transmission control information for 
causing the encrypted data to be received solely by 
specific data receiving means at least over a second 
communication channel which, having a smaller capacity of 
data transmission than said first communication channel, 
is also used for data transmission from said data 
receiving means to said data transmitting means. 

2. A data transmission controlling method 
according to claim 1, wherein said second communication 
channel is a communication channel permitting 
bidirectional communication between said data 
transmitting means and said data receiving means. 
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3. A data transmission controlling method 
according to claim 1, wherein said data transmitting 
means performs data encryption using an encryption key 
and wherein said encrypted data from said data 
transmitting means are decrypted by said data receiving 
means utilizing a decryption key identical to said 
encryption key used in the data encryption. 

4. A data transmission controlling method 
according to claim 3, wherein said encryption key and 
said decryption key are session keys for encrypting and 
decrypting information and data. 

5. A data transmission controlling method 
according to claim 4 # wherein said session keys are 
updated at predetermined intervals. 

6. A data transmission controlling method 
according to claim 4, wherein said data transmitting 
means and said data receiving means have a master key 
specific to said data receiving means; 

wherein said data transmitting means encrypts said 
session keys using said master key and transmits the 
encrypted session keys to "said data receiving means over 
either said first communication channel or said second 
communication channel; and 

wherein said data receiving means decrypts said 
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encrypted session keys received using said master key. 

7. A data transmission controlling method 
according to claim 6, wherein said data transmitting 
means possesses said session keys corresponding to all 
data receiving means authorized to receive specific 
information and data; and 

wherein said data transmitting means transmits in 
advance said session keys to said data receiving means 
authorized to receive specific information and data. 

8. A data transmission controlling method 
according to claim 1, wherein said first communication 
channel is a satellite link permitting unidirectional 
communication from said data transmitting means to said 
data receiving means; and 

wherein said second communication channel is a 
communication channel permitting bidirectional 
communication between said data transmitting means and 
said data receiving means. 

9. A data transmission controlling method 
according to claim 1, wherein said data receiving means 
is constituted as an IP router. 

10. A data transmission controlling method 
according to claim 1, wherein said data receiving means 
is constituted as a bridge. 
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11. A data transmission system comprising: 
data transmitting means for encrypting data and 
transmitting the encrypted data; 

data receiving means for receiving said encrypted 
data from said data transmitting means; 

a first communication channel used for data 
transmission from said data transmitting means to said 
data receiving means; and 

a second communication channel which is also used 
for data transmission from data receiving means to said 
data transmitting means and which has a smaller capacity 
of data transmission than said first communication 
channel ; 

wherein said first communication channel is used to 
transmit said encrypted data; and 

wherein at least said second communication channel 
is used to transmit restrictive data transmission control 
information for causing said encrypted data to be 
received solely by specific data receiving means. 

12. A data transmission system according to claim 
11, wherein said data transmitting means performs data 
encryption using an encryption key and wherein said 
encrypted data from said data transmitting means are 
decrypted by said data receiving means utilizing a 



decryption key identical to said encryption key used in 
the data encryption . 

13. A data transmission system according to claim 

12, wherein said encryption key and said decryption key 
are session keys for encrypting and decrypting 
information and data. 

14. A data transmission system according to claim 

13, wherein said session keys are updated at 
predetermined intervals . 

15. A data transmission system according to claim 
13, wherein said data transmitting means and said data 
receiving means have a master key specific to said data 
receiving means; 

wherein said data transmitting means encrypts said 
session keys using said master key and transmits the 
encrypted session keys to said data receiving means over 
either said first communication channel or said second 
communication channel; and 

wherein said data receiving means decrypts said 
encrypted session keys received using said master key. 

16. A data transmission system according to claim 
15, wherein said data transmitting means possesses said 
session keys corresponding to all data receiving means 
authorized to receive specific information and data; and 



wherein said data transmitting means transmits in 
advance said session keys to said data receiving means 
authorized to receive specific information and data. 

17. A data transmission system according to claim 
11, wherein said first communication channel is a 
satellite link permitting unidirectional communication 
from said data transmitting means to said data receiving 
means . 

18. A data transmission system according to claim 
11, wherein said data receiving means is constituted as 
an IP router. 

19. A data transmission system according to claim 
11, wherein said data receiving means is constituted as a 
bridge . 

20. A data transmission controlling method for 
controlling transmission of data from data transmitting 
means to data receiving means over communication channels 
and for causing said data transmitting means to encrypt 
data and transmit the encrypted data to said data 
receiving means over said communication channels, said 
data transmission controlling method comprising the steps 
of: 

encapsulating the data to be transmitted in 
multiplexed fashion in accordance with a plurality of 
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protocols ; and 

encrypting at least one of data capsules resulting 
from the encapsulation. 

21. A data transmission controlling method 
according to claim 20, wherein the data encapsulating 
step includes: 

a first encapsulating step for encapsulating the 
data to be transmitted to said data receiving, means in 
accordance with a first protocol; and 

a second encapsulating step for further 
encapsulating the encapsulated data from said first 
encapsulating step in accordance with a second protocol; 

wherein said first encapsulating step supplements a 
real data part including said data to be transmitted to 
said data receiving means with an additional information 
part associated with said real data part, said first 
encapsulating step further encrypting said real data part. 

22. A data transmission controlling method 
according to claim 21, wherein said additional 
information part includes destination address information 
identifying the data receiving means authorized to 
receive data included in said real data part. 

23. A data transmission controlling method 
according to claim 22, wherein said destination address 
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information is either individual or group destination 
address information . 

24. A data transmission controlling method 
according to claim 2 2 , wherein said data transmitting 
means possesses session keys corresponding to said 
destination address information, said session keys being 
used by said data transmitting means to encrypt 
information and data and by said receiving means to 
decrypt the encrypted information and data received; and 

wherein said data transmitting means transmits in 
advance said session keys to the data receiving means 
authorized to receive the transmitted information and 
data in accordance with said destination address 
information . 

25. A data transmission controlling method 
according to claim 24 , wherein said session keys are 
updated at predetermined intervals. 

26. A data transmission controlling method 
according to claim 24, wherein said session keys are 
transmitted over a communication channel permitting 
either unidirectional communication from said data 
transmitting means to said data receiving means or 
bidirectional communication therebetween . 

27. A data transmission controlling method 
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according to claim 21, wherein said first encapsulating 
step uniquely determines how said destination address 
information attached to said real data part is stored 
into said additional information part, said first 
encapsulating step further encrypting said real data part 
using a master key specific to the data receiving means 
corresponding to said destination address information. 

28. A data transmission controlling method 
according to claim 22, wherein said additional 
information part provides a 48 -bit space in which to 
accommodate said destination address information . 

29. A data transmission controlling method 
according to claim 21 , wherein said first encapsulating 
step encapsulates the data to be transmitted to said data 
receiving means in accordance with either the Internet 
protocol or the Ethernet protocol. 

30. A data transmission controlling method 
according to claim 20, wherein said data receiving means 
is constituted as an IP router . 

31. A data transmission controlling method 
according to claim 20 , wherein said data receiving means 
is constituted as a bridge . 

32. A data transmission controlling method for 
controlling transmission of data from data transmitting 
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means to data receiving means over communication channels 
and for causing said data transmitting means to encrypt 
data and transmit the encrypted data to said data 
receiving means over said communication channels, said 
data transmission controlling method comprising the steps 
of: 

encrypting data using an encryption key; 

supplementing the encrypted data with encryption 
key information about said encryption key; 

transmitting said encrypted data together with said 
encryption key information from said data transmitting 
means to said data receiving means; and 

- decrypting said encrypted data using one of a 
plurality of decryption keys which allow said data 
receiving means to decrypt said encrypted data and which 
are updated frequently, said one of the decryption keys 
being selected in accordance with said encryption key 
information attached to said encrypted data. 

33. A data transmission controlling method 
according to claim 32, wherein said plurality of 
decryption keys include a -decryption key which is 
currently usable for decrypting said encrypted data 
received, and a decryption key which is to be used next 
to decrypt said encrypted data received; and 
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wherein said data decrypting step selects the 
currently usable decryption key based on said encryption 
key information . 

34. A data transmission controlling method 
according to claim 33 , wherein said encryption key and 
said decryption keys are session keys for encrypting 
information and data. 

35. A data transmission controlling method 
according to claim 34, wherein said session keys are 
updated at predetermined intervals. 

36. A data transmission controlling method 
according to claim 32, wherein said data receiving means 
is constituted as an IP router. 

37. A data transmission controlling method 
according to claim 32, wherein said data receiving means 
is constituted as a bridge. 
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